CLAIMS:

1. A method in a data processing system for maintaining a
secure data block within said system, said method comprising
the steps of:

establishing a block of data within said system, said
block of data being associated with a particular user and a
particular application;

establishing a hardware master key pair for said
system, said hardware master key pair including a master
private key and a master public key, said hardware master
key pair being associated with said system so that said
master private key is known to only said system; and

encrypting said block of data utilizing said master
public key, said master private key being required to
decrypt said encrypted block of data, wherein only said data
processing system is capable of decrypting said encrypted
block of data.

2. The method according to claim 1, further comprising the 
step of storing said encrypted block of data in a non- 
protected storage device. 

3. The method according to claim 2, further comprising the
steps of:

establishing an encryption device having an encryption
engine and a protected storage device, said protected
storage device being accessible only through said encryption
engine; and



RP9-99-048 




storing said hardware master key pair in said protected
storage device. 

4. The method according to claim 3, further comprising the
step of said encryption engine encrypting said block of data 
utilizing said master public key stored in said protected 
storage device. 



5. The method according to claim 4, further comprising the 
step of a remote data processing system executing said
application. 



6. The method according to claim 5, further comprising the
step of establishing a browser program for accessing said
application.



7. The method according to claim 6, further comprising the
steps of: 



said browser program initiating a session with said 
application; 

said browser requesting said encryption device to 
decrypt said encrypted block of data; 



in response to said request, said encryption device
decrypting said encrypted block of data utilizing said
master private key; and



said encryption device transmitting said decrypted 
block of data to said browser program. 

8. The method according to claim 7, further comprising the
step of said browser program transmitting said decrypted
block of data to said application.






9. The method according to claim 8, wherein said step of
storing said encrypted block of data in said non-protected
storage further comprises the step of storing said encrypted
block of data in a hard drive.
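
The flow of claims 1 through 9 as an added sketch, not part of the patent text: a block is sealed to one device's master public key, stored on an unprotected disk, and opened only through that device. The class and function names are hypothetical, RSA-OAEP from the Python `cryptography` package is an assumed choice of algorithm, and the sample block is constructed.

```python
# Added illustration; names are hypothetical and the algorithm is an assumption.
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa

OAEP = padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()),
                    algorithm=hashes.SHA256(), label=None)


class EncryptionDevice:
    """Models the encryption engine plus protected storage of claim 3."""

    def __init__(self):
        # Protected storage: the master key pair is generated inside the
        # device and no method ever returns the private half (claims 1, 3).
        self._master = rsa.generate_private_key(public_exponent=65537,
                                                key_size=2048)

    def encrypt(self, block: bytes) -> bytes:
        # Claim 4: the engine encrypts with the stored master public key.
        # RSA-OAEP/SHA-256 with a 2048-bit key accepts at most 190 bytes.
        if len(block) > 190:
            raise ValueError("block too large for direct RSA-OAEP")
        return self._master.public_key().encrypt(block, OAEP)

    def decrypt(self, sealed: bytes) -> bytes:
        # Claim 7: decryption requires the master private key held here.
        return self._master.decrypt(sealed, OAEP)


def browser_session(device, disk, user, app):
    """Claims 7-8: the browser asks the device to decrypt the stored block
    and receives the plaintext to forward to the application."""
    return device.decrypt(disk[(user, app)])


def demo():
    device, other_system = EncryptionDevice(), EncryptionDevice()
    disk = {}  # stands in for the non-protected hard drive (claims 2, 9)
    block = b"user=alice;app=bank;token=constructed-sample"
    disk[("alice", "bank")] = device.encrypt(block)
    recovered = browser_session(device, disk, "alice", "bank")
    try:
        other_system.decrypt(disk[("alice", "bank")])
        portable = True
    except ValueError:  # a different system's key fails the OAEP check
        portable = False
    plaintext_on_disk = block in disk[("alice", "bank")]
    return recovered == block, portable, plaintext_on_disk
```

`demo()` shows that the block copied to a second system cannot be opened there, which is the binding the claims describe.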

10. A data processing system for maintaining a secure data 
block within said system, comprising: 

said system executing code for establishing a block of
data within said system, said block of data being associated
with a particular user and a particular application;

said system executing code for establishing a hardware
master key pair for said system, said hardware master key
pair including a master private key and a master public key,
said hardware master key pair being associated with said
system so that said master private key is known to only said
system; and

said system executing code for encrypting said block of
data utilizing said master public key, said master private
key being required to decrypt said encrypted block of data,
wherein only said data processing system is capable of
decrypting said encrypted block of data.



11. The system according to claim 10, further comprising
said system executing code for storing said encrypted block
of data in a non-protected storage device.

12. The system according to claim 11, further comprising:

an encryption device having an encryption engine and a 
protected storage device, said protected storage device 
being accessible only through said encryption engine; and 
said encryption device executing code for storing said
hardware master key pair in said protected storage device.

13. The system according to claim 12, further comprising
said encryption engine executing code for encrypting said
block of data utilizing said master public key stored in
said protected storage device.



14. The system according to claim 13, further comprising a
remote data processing system capable of executing said
application.

15. The system according to claim 14, further comprising
said system executing code for establishing a browser
program for accessing said application.

16. The system according to claim 15, further comprising: 

said system executing code for said browser program
initiating a session with said application;

said system executing code for said browser requesting
said encryption device to decrypt said encrypted block of
data;

in response to said request, said encryption device
capable of decrypting said encrypted block of data utilizing
said master private key; and

said encryption device executing code for transmitting
said decrypted block of data to said browser program.



17. The system according to claim 16, further comprising
said system executing code for said browser program
transmitting said decrypted block of data to said
application.

18. The system according to claim 17, further comprising a
hard drive for storing said encrypted block of data.

19. A data processing system for maintaining a secure data
block within said system, comprising:

said system executing code for establishing a block of
data within said system, said block of data being associated
with a particular user and a particular application;

an encryption device executing code for establishing a
hardware master key pair for said system, said hardware
master key pair including a master private key and a master
public key, said hardware master key pair being associated
with said system so that said master private key is known to
only said system;

said system executing code for encrypting said block of
data utilizing said master public key, said master private
key being required to decrypt said encrypted block of data,
wherein only said data processing system is capable of
decrypting said encrypted block of data;



said system executing code for storing said encrypted
block of data in a hard drive;

said encryption device having an encryption engine and
a protected storage device, said protected storage device
being accessible only through said encryption engine;

said encryption device executing code for storing said
hardware master key pair in said protected storage device;

said encryption engine executing code for encrypting
said block of data utilizing said master public key stored
in said protected storage device;

a remote data processing system capable of executing 
said application; 



said system executing code for establishing a browser
program for accessing said application;

said system executing code for said browser program
initiating a session with said application;



said system executing code for said browser requesting
said encryption device to decrypt said encrypted block of
data;



in response to said request, said encryption device 
capable of decrypting said encrypted block of data utilizing 
said master private key; 



said encryption device executing code for transmitting
said decrypted block of data to said browser program;

said system executing code for said browser program
transmitting said decrypted block of data to said
application.



